CVE-2009-5082

EUVD-2009-5037
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
gnugroff
1.20.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
groff
bookworm
1.22.4-10
fixed
bullseye
1.22.4-6
fixed
sid
1.23.0-5
fixed
trixie
1.23.0-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
groff
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
Common Weakness Enumeration
References
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h
http://openwall.com/lists/oss-security/2009/08/14/4
http://openwall.com/lists/oss-security/2009/08/14/5
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h
http://openwall.com/lists/oss-security/2009/08/14/4
http://openwall.com/lists/oss-security/2009/08/14/5